Trotz der strengen Methodik und Vorkehrung beim Design, der Entwicklung und Erstellung unserer Produkte können Sicherheitsrisiken auftreten.
Diese Seite enthält alle bekannten Sicherheitsmeldungen zu Produkten, die von ARC Informatique entwickelt wurden. Besuchen Sie sie regelmäßig, um aktuelle Informationen zu erhalten.
Wir nehmen Sicherheitsfragen sehr ernst. Es ist unsere Philosophie und Praxis, Probleme rasch anzugehen und Sie beim Schutz Ihrer Systeme zu unterstützen.
Unseren Kunden stehen Sicherheitsbulletins mit einer Beschreibung der Sicherheitsrisiken und einer Anleitung zu deren Begrenzung zur Verfügung.
| Alert Id | Status | Last update | Description |
Product | Security bulletin |
| 2023-1 | Completed | Oct 2nd 2023 |
Multiple vulnerabilities have been fixed in the UaGateway : CVE-2022-4304 – OpenSSL library ZDI-CAN-20497 – Use-After-Free Denial-of-Service |
UaGateway versions prior to 1.5.14 | Refer to Unified Automation Security Bulletins and UaGateway Changelog for more details. |
| 2022-7 | Completed | Jan 23rd 2023 | A vulnerability affects the configuration of SMS & Email Accounts. CVE Id: CVE-2022-4312 Fixed in PcVue 12.0.28 and PcVue 15.2.4 |
All versions since PcVue 8.10 | SB2022-7 |
| 2022-6 | Completed | Dec 20th 2022 | An Insertion of Sensitive Information in Log File vulnerability affects the DbConnect configuration. CVE Id: CVE-2022-4311 Fixed in PcVue 15.2.3. |
PcVue 15 | SB2022-6 |
| 2022-5 | Completed | Jan 23rd 2023 | A Denial of Service vulnerability affects the IEC 61850 client driver and the ICCP/TASE.2 interface. CVE-2022-38138 Fixed in PcVue 12.0.28 and PcVue 15.2.3 |
IEC 61850 : PcVue 10.0 onward ICCP/TASE.2 : PcVue 15.1 |
SB2022-5 |
| 2022-4 | Completed | Sep 19th 2022 |
A vulnerability affects the configuration of the OAuth web service. CVE-2022-2569 |
PcVue 12 PcVue 15 |
SB2022-4 |
| 2022-3 | Completed | Jan 7th 2022 |
During the Miami Pwn2Own contest the Zero Days Initiative (ZDI) reported multiple vulnerabilities. |
UaGateway versions prior to 1.5.10 | Refer to Unified Automation Security Bulletins for more details. |
| 2022-2 | Completed | Jul 5th 2022 | CVE-2021-45117 – OPC Foundation, autogenerated ANSI C Stack Stubs CVE-2022-0778 – OpenSSL library Fixed in UaGateway version 1.5.9 |
UaGateway versions prior to 1.5.9 | Refer to Unified Automation Security Bulletins for more details. |
| 2022-1 | Completed | Feb 28th 2022 | Ocean Data Systems Dream Report privilege escalation vulnerabilities. Dream Report 5 : CVE-2020-13532, CVE-2020-13533, CVE-2020-13534 Dream Report 2020 : CVE-2021-21957 Fixed in Dream Report 2020 R2 SP1 |
Dream Report | |
| 2021-1 | Completed | Dec 16th 2021 | Timeline and concerns related to the Apache Log4j vulnerability CVE-2021-44228, CVE-2021-45046 |
SB2021-1 | |
| 2020-1 | Completed | Aug 2nd 2021 |
3 vulnerabilities affect the interface between the Web & Mobile back end and the web services hosted in Microsoft IIS |
PcVue 8.10 and later | SB2020-1 |
| 2018-1 | Completed | Jan 22nd 2018 | ICS-ALERT-18-011-01B: Timeline and concerns related to the Microsoft Windows updates designed to mitigate the Meltdown & Spectre vulnerabilities | PcVue, FrontVue, PlantVue, Partner products |
SB2018-1 |
| 2012-2 | Completed | Aug 30th 2012 |
ICSA-12-024-01: Ocean Data Systems Dream Reports XSS and write access violation vunlerabilities. |
Dream Report versions prior to 4.0 | - |
| 2012-1 | Completed | Nov 21st 2014 | ActiveBar, a 3rd party component used in our products is subject to an alert. More information is available at Microsoft KB2562937 Microsoft released a Windows security update addressing this issue in August 2011. |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2012-1 |
| 2011-1 | Completed | Nov 21st 2014 |
ICS-ALERT-11-271-01: PcVue HMI/SCADA multiple ActiveX Vulnerabilities |
PcVue 6.0 and later, FrontVue - All versions, PlantVue - All versions |
SB2011-1 |
Sie möchten eine Sicherheitslücke melden oder Feedback abgeben – Bitte senden Sie uns eine Mail an secure@arcinfo.com